Your Money ; Scam AlertA public copier is handy, but it may put your secrets at riskA Thief in the Photocopier By Sid KirchheimerSeveral months ago, more than 400,000 New Yorkers received a data breach notification fromhealth care provider Affinity HealthPlan. But the warning wasn’t due to theusual culprits, hackers who break intocorporate computer systems. Rather, itwas prompted by a single o;ce copy-ing machine.You might not think a photocopiercould cause such harm. But considerthis: Starting in 2002, most copiersmanufactured for use by businesses,libraries and copy centers have beenequipped with computer hard drives.“Every time you make a copy, print,scan, e-mail or send a fax from thatmachine, it makes and stores images ofthe document to the hard drive,” sayscopier security expert John Juntunen. Unless thehard drive is erased or replaced, images of copieddocuments—including those with Social Securitynumbers, bank account information or medicalfiles—remain stored inside the machine.“The problem is, about 90 percent of officecopy machines in the U.S. are leased,” he adds,“and when those leases are over, most of thosereturned machines are exported or resold with-out anyone touching them.”For now, there is no evidence that identitythieves have used information left over in copi-ers, says Juntunen, whose company, DigitalCopier Security, provides technology that de-letes data from copier hard drives.But the potential is clearly there. Earlier thisyear, CBS News accom-panied Juntunen to aNew Jersey warehouseand bought four copiersthat had been leased andreturned. One of the ma-chines, formerly used atan A;nity Health Planoffice, yielded medicalrecords of nine indi-viduals. Based on thatmachine and A;nity’s use of many more harddrive-equipped copiers, the company sent outits mass notice of a potential data breach. Themachines also contained police records and paystubs with Social Security numbers.Oneleased copymachineyieldedthe medicalrecordsof ninepeople.In May, Rep. Edward Markey, D-Mass.,called for an investigation. And the Fed-eral Trade Commission announced thatit was “reaching out to copier manufac-turers, resellers, and retail copy and of-fice supply stores to ensure that they areaware of the privacy risks.”Most manufacturers had alreadyacted. Copiers made since 2007 havebeen equipped with built-in technologythat allows the erasing or encrypting ofhard drives. “The real problem is withmachines made from 2003 to 2007,”says Juntunen. Huge numbers of themremain in use across the country—pos-sibly at your library or doctor’s o;ce.So how can you protect yourself?; When you copy sensitive docu-ments, try to use a home printer thathas a copy function. That machine is unlikely tohelp identity thieves: Most home printers thatgenerate 20 or fewer pages per minute have nohard drives.; If you must use a public copier, ask the peoplewho oversee it how they protect users’ informa-tion. Such inquiries will raise awareness of the is-sue and in the long term encourage the erasing ofthe machines’ drives. “No one wants to be respon-sible for resulting problems,” says Juntunen.; Ask whether the machine is owned or leased.Owned copiers are less likely to be resold andreach scammers. ;Sid Kirchheimer is the author of Scam-ProofYour Life, published by AARP Books/Sterling.ASK SID; How can I tell if a ‘skimmer’ has been put on my ATM?t can be hard. These devices thatthieves attach to the card slotin order to capture account in-formation from your card’s mag-netic strip have become more sophis-ticated. One tipoff: Most ATMs have aflashing light at the card slot. If the lightis obscured, that’s a sign of tampering.Other giveaways: a card slot that is notsecurely attached or has a different col-or than the rest of the ATM. Use ATMsin bank lobbies and other places with